in cgroups.Cgroup is absolute. This is required to get stats of other containers while running inside a docker container.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
This will allow us to do the following with docker.
Customize the way that a labeling system like SELinux will run on a container.
--label-opt="user:USER" : Set the label user for the container
--label-opt="role:ROLE" : Set the label role for the container
--label-opt="type:TYPE" : Set the label type for the container
--label-opt="level:LEVEL" : Set the label level for the container
--label-opt="disabled" : Turn off label confinement for the container
Since we are passing a list of string options instead of a space separated
string of options, I will change function calls to use InitLabels instead of
GenLabels. Genlabels interface is Deprecated.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
If a particular kernel doesn't have namespace directories that
libcontainer tries to attain during nsenter(), ignore the error (this is
consistent with the previous implementation of nsenter()).
Docker-DCO-1.1-Signed-off-by: Aleksa Sarai <cyphar@cyphar.com> (github: cyphar)
- we don't need to add a "daemon" user to busybox; it already has one :)
- if we split out the "go get" from the "go install", we can have nice clean output on "docker build" of which dependencies we're pulling in and all the packages that get built :)
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
make sh will spawn a new container using the minimal.json file inside
busybox and you don't even know what is going on.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Add another netlink test and remove the -v from the dockerfile test
output
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
RunIn will connect to a user specified Terminal before running the command.
Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
I've also updated the comments with the current status of the commented-out targets (since we're getting close to having them available for our Travis-use in the relevant upstreams).
Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
The issue with doing a remount as ro with sysfs is that if a container
is still in one of the hosts namepsaces, commonly with the NET
namespace, the remount will cause the host's systems sysfs to be
remounted as ro also. We can fix this correctly by not doing the
remount and just mount sys as ro in the first place.
The other remounts are individual files within proc so they will not
have this issue.
For context please see:
https://github.com/dotcloud/docker/issues/7101
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
Victor Marmol
Bernerd Schaefer
Vishnu Kannan
Dan Walsh
maebashi
Aleksa Sarai
Michael Crosby
Dhammika Pathirana
Tianon Gravi